-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.

+1 javadoc. The javadoc tool did not generate any warning messages.

+1 javac. The applied patch does not increase the total number of javac compiler warnings.

+1 findbugs. The patch does not introduce any new Findbugs warnings.

+1 release audit. The applied patch does not increase the total number of release audit warnings.

Hadoop QA
added a comment - 20/Feb/10 23:34 -1 overall. Here are the results of testing the latest attachment
http://issues.apache.org/jira/secure/attachment/12436467/c-6579.patch
against trunk revision 912207.
+1 @author. The patch does not contain any @author tags.
-1 tests included. The patch doesn't appear to include any new or modified tests.
Please justify why no new tests are needed for this patch.
Also please list what manual steps were performed to verify this patch.
+1 javadoc. The javadoc tool did not generate any warning messages.
+1 javac. The applied patch does not increase the total number of javac compiler warnings.
+1 findbugs. The patch does not introduce any new Findbugs warnings.
+1 release audit. The applied patch does not increase the total number of release audit warnings.
-1 core tests. The patch failed core unit tests.
+1 contrib tests. The patch passed contrib unit tests.
Test results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/22/testReport/
Findbugs warnings: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/22/artifact/trunk/build/test/findbugs/newPatchFindbugsWarnings.html
Checkstyle results: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/22/artifact/trunk/build/test/checkstyle-errors.html
Console output: http://hudson.zones.apache.org/hudson/job/Hadoop-Patch-h1.grid.sp2.yahoo.net/22/console
This message is automatically generated.

Trying to keep up with some of the security jiras. You're producing a lot of code, thereby making it tricky

I think, in general, it's not that useful to write arbitrary writables to base64-encoded strings. Most browsers limit how long URL strings can be, so you've got to be pretty careful about what you're up to. Would you consider instead making this more specific, by moving this code into Token.getAsUrlSafeString() and (static) Token.fromUrlSafeString()? Or, equivalently, leave the code here, but in redirectToRandomDataNode() (patch in HDFS-991), use a method on the Token instead of WritableUtils. (This has the additional property that one could serialize tokens however; they just have to have a URL-safe string serialization.)

Philip Zeyliger
added a comment - 24/Feb/10 18:57 Hi Owen,
Trying to keep up with some of the security jiras. You're producing a lot of code, thereby making it tricky
I think, in general, it's not that useful to write arbitrary writables to base64-encoded strings. Most browsers limit how long URL strings can be, so you've got to be pretty careful about what you're up to. Would you consider instead making this more specific, by moving this code into Token.getAsUrlSafeString() and (static) Token.fromUrlSafeString()? Or, equivalently, leave the code here, but in redirectToRandomDataNode() (patch in HDFS-991 ), use a method on the Token instead of WritableUtils. (This has the additional property that one could serialize tokens however; they just have to have a URL-safe string serialization.)
Looked at the code and tests. Those look clear and good.
– Philip

Owen O'Malley
added a comment - 24/Feb/10 21:58 I think it is more useful than that, but I've made the change to more the methods into Token. I also added toString, equals, hashCode, and new constructor to Token so that I could test the new code.

Owen O'Malley
added a comment - 25/Feb/10 06:35 This patch fixes one of the test cases to add the extra parameters to the Base64 constructor. It must have changed semantics between 1.3 and 1.4 of the library.